[10303] in bugtraq


Re: AOL Instant Messenger URL Crash

daemon@ATHENA.MIT.EDU (Adam Brown)
Wed Apr 21 20:27:24 1999

Date: 	Tue, 20 Apr 1999 16:34:16 -0500
Reply-To: Adam Brown <mad@skill.org>
From: Adam Brown <mad@SKILL.ORG>
X-To:         Daniel Reed <djr@narnia.n.ml.org>
To: BUGTRAQ@NETSPACE.ORG

I'm sorry if I was unclear in my first post.  The only way I've seen to
exploit this is to send someone a hyperlink in the form of
aim:addbuddy?=screenname and have them click on it.  (replacing "screenname"
with an actual screen name seems to give the same result)  You can also set
up a web page that will redirect your victim to a client crashing URL once
they've caught on to your evil little scheme. :p  I set up an example of
this at http://www.fazed.net/poof for testing purposes, of course.

Adam Brown
SpunOne@IRC
http://www.fazed.net
http://www.webzone.net

> I just sent <a href="aim:addbuddy?=screenname">what does this show up as</a>?
> to an AOL AIM 2.0.996 user and once she *clicked* on it AIM crashed. I don't
> know if you meant to say that the user had to click on it for the client to
> crash, or if this is indeed different behaviour. I also just tried it with
> "screenname" replaced with first her screenname, and then with mine, again
> with no automatic reaction.
>
> (sent from linuxkitty, a naim-0.9.4-parse2 user, to <victim>, an AOL AIM
> 2.0.996 user)
> [15:59:43] linuxkitty: [LINK:href="aim:addbuddy?=screenname":what does this show up as]?
> [16:00:23] Friend <victim> has just logged off :(
> [16:03:09] Friend <victim> is now online =)
> [16:14:14] linuxkitty: [LINK:href="aim:addbuddy?=<victim>":miaow miaow] (don't click on that, I'm just testing something)
> [16:14:50] linuxkitty: [LINK:href="aim:addbuddy?=linuxkitty":another test...]
>
> --
> Daniel Reed <n@ml.org>
> Many a false step is made by standing still...
>
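
A defensive check for the link form reported in this thread, as an added example that is not part of either poster's message: it scans HTML or naim-style log text for aim:addbuddy hrefs whose query carries a parameter with no name before the "=". The function names, the sample lines and the choice to match on the unnamed parameter are assumptions; the thread does not establish the root cause of the crash.

```python
import html
import re
from urllib.parse import urlsplit

# href values in HTML anchors and in naim-style [LINK:href="..."] log markup
HREF_RE = re.compile(r'href\s*=\s*"([^"]*)"', re.IGNORECASE)

def has_unnamed_param(query):
    """True if any '&'-separated pair is '=value' with nothing before '='."""
    for pair in query.split("&"):
        name, sep, _value = pair.partition("=")
        if sep and not name.strip():
            return True
    return False

def flag_aim_addbuddy_links(text):
    """Return hrefs of the reported form: aim:addbuddy with an unnamed parameter."""
    flagged = []
    for raw in HREF_RE.findall(text):
        href = html.unescape(raw).strip()
        parts = urlsplit(href)
        if parts.scheme.lower() != "aim":
            continue
        if parts.path.strip("/").lower() != "addbuddy":
            continue
        if has_unnamed_param(parts.query):
            flagged.append(href)
    return flagged

# Constructed sample: two lines in the forms quoted in the thread, plus two
# constructed links (a named-parameter aim: link and a web link) for contrast.
SAMPLE = "\n".join([
    '<a href="aim:addbuddy?=screenname">what does this show up as</a>?',
    '[16:14:50] linuxkitty: [LINK:href="aim:addbuddy?=linuxkitty":another test...]',
    '<a href="aim:addbuddy?screenname=linuxkitty">add me</a>',
    '<a href="http://example.com/?=x">unrelated</a>',
])

if __name__ == "__main__":
    for link in flag_aim_addbuddy_links(SAMPLE):
        print("flagged:", link)
```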
